| Message ID | 1380406879-6174-11-git-send-email-martin@martin.st |
|---|---|
| State | Committed |
| Commit | 640a2427aafa774b83316b7a8c5c2bdc28bfd269 |
| Headers | show |
On Sun, Sep 29, 2013 at 01:21:13AM +0300, Martin Storsjö wrote: > CC: libav-stable@libav.org > --- > libavformat/bfi.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libavformat/bfi.c b/libavformat/bfi.c > index 5d7ccb8..19060e7 100644 > --- a/libavformat/bfi.c > +++ b/libavformat/bfi.c > @@ -132,6 +132,10 @@ static int bfi_read_packet(AVFormatContext * s, AVPacket * pkt) > video_offset = avio_rl32(pb); > audio_size = video_offset - audio_offset; > bfi->video_size = chunk_size - video_offset; > + if (audio_size < 0 || bfi->video_size < 0) { > + av_log(s, AV_LOG_ERROR, "Invalid audio/video offsets or chunk size\n"); > + return AVERROR_INVALIDDATA; > + } > > //Tossing an audio packet at the audio decoder. > ret = av_get_packet(pb, pkt, audio_size); > -- looks OK
diff --git a/libavformat/bfi.c b/libavformat/bfi.c index 5d7ccb8..19060e7 100644 --- a/libavformat/bfi.c +++ b/libavformat/bfi.c @@ -132,6 +132,10 @@ static int bfi_read_packet(AVFormatContext * s, AVPacket * pkt) video_offset = avio_rl32(pb); audio_size = video_offset - audio_offset; bfi->video_size = chunk_size - video_offset; + if (audio_size < 0 || bfi->video_size < 0) { + av_log(s, AV_LOG_ERROR, "Invalid audio/video offsets or chunk size\n"); + return AVERROR_INVALIDDATA; + } //Tossing an audio packet at the audio decoder. ret = av_get_packet(pb, pkt, audio_size);